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PATENT 



CLAIMS 

What is claimed is: 



1 1, A system for generating an asymmetric crypto-key usable to 

2 transform messages to encrypt and decrypt or sign the messages for 

3 a user, comprising: 

4 a first processor configured to (i) generate a private crypto- 

5 key and a corresponding public crypto-key associated with the user, 

6 (ii) divide the private crypto-key into a first private key 

7 portion, based on a password of the user, and a second private key 



8 portion, (iii) destroy the private crypto-key and the first private 

9 key portion without distribution thereof and without storage 

10 thereof in a persistent state, and (iv) store only the second 

11 private key portion and the public crypto-key in a persistent 

12 state; and 



13 a second processor representing a user and configured to (i) 

14 generate, responsive to receipt of an inputting of and based on the 

15 user password, only the first private key portion, and (ii) 

16 destroy, without storing in a persistent state, the generated first 

17 private key portion. 

1 2. A system according to claim 1, wherein the user password 

2 has a bit length of between 56 and 72 bits and the generated first 

3 private key portion has a bit length of at least 257 bits. 

1 3. A system according to claim 1, wherein the 

2 first private key portion is generated in accordance with a one way 

3 function. 

1 4. A system according to claim 3, wherein: 

2 the first processor and the second processor are further 

3 configured to selectively operate in a first mode and a second 

4 mode; 
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5 in the first mode the first processor and the second processor 

6 apply the one way function a first number of times to generate the 

7 first private key portion; and 

8 in the second mode the first processor and the second 

9 processor apply the one way function a second number of times, 

10 different than the first number of times, to generate the first 

11 private key portion. 

1 5. A system according to claim 4, wherein: 

2 the first processor and the second processor are further 

3 configured to select one of the first and second mode for operation 

4 based on at least one of an identity of the user and a strength of 

5 the user password. 

1 6. A system according to claim 3, wherein: 

2 the first processor and the second processor are further 

3 configured to select the one way function from a group of one way 

4 functions. 

1 7. A system according to claim 6, wherein: 

2 the first processor and the second processor are further configured 

3 to select the one way function based upon at least one of an 

4 identity of the user and a strength of the user password. 

1 8. A system according to claim 1, wherein: 

2 the second processor is further configured to encrypt or sign 

3 a message with the first private key portion prior to destroying 

4 the generated first private key portion; and the first processor is 

5 further configured to recover or verify the encrypted message by 

6 applying the stored second private key portion and the public key. 

1 9. A system for asymmetrically transforming a message, 

2 comprising: 
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3 a first processor representing a user and configured to 

4 generate, based on a password of the user, a first portion of a 

5 private crypto-key, to transform a message with the first private 

6 key portion, and to destroy the generated private key portion after 

7 transforming the message and; 

8 a second processor configured to further transform the 

9 transformed message by applying at least one of a second portion of 

10 the private crypto-key and a public crypto-key, both of which 

11 correspond to the first private key portion. 

1 10. A system according to claim 9, further comprising: 

2 a storage device configured to store the second private key 

3 portion and the public crypto-key in a persistent state; 

4 wherein the applied at least one of a second portion of the 

5 private crypto-key and a public crypto-key is at least one of the 

6 stored second private key portion and the stored public crypto-key, 

7 and the second processor is further configured to retrieve the at 

8 least one of the stored second private key portion and the stored 

9 public crypto-key based on the user password; 

10 wherein the first private key portion is never stored in a 

11 persistent state. 
1 

1 11. A system according to claim 9, wherein the user password 

2 has a bit length of between 56 and 72 bits and the generated first 

3 private key portion has a bit length of at least 257 bits. 

1 12. A system according to claim 9, wherein the first private 

2 key portion is generated in accordance with a one way function. 

1 13. A system according to claim 12, wherein: 

2 the first processor and the second processor are further 

3 configured to selectively operate in a first mode and a second 

4 mode; 
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5 in the first mode the first processor and the second processor 

6 apply the one way function a first number of times to generate the 

7 first private key portion; and 

8 in the second mode the first processor and the second 

9 processor apply the one way function a second number of times, 

10 different than the first number of times, to generate the first 

11 private key portion. 

1 14. A system according to claim 31, wherein: 

2 the first processor and the second processor are further 

3 configured to select one of the first and second mode for operation 

4 based on at least one of an identity of the user and a strength of 

5 the user password. 

1 15. A system according to claim 12, wherein: 

2 the first processor and the second processor are further 

3 configured to select the one way function from a group of one way 

4 functions . 

1 16. A system according to claim 15, wherein: 

2 the first processor and the second processor are further configured 

3 to select the one way function based upon at least one of an 

4 identity of the user and a strength of the user password 

1 17. A system for communicating a transformed message, in 

2 which a user is associated with a private crypto-key and a 

3 corresponding public crypto-key, and the private crypto-key has a 

4 first private key portion and a second private key portion, 

5 comprising : 

6 a first networked device, representing the user, configured to 

7 generate the first private key portion, to transform a first 

8 message with the generated first private key portion to form a 

9 second message, and to transmit the second message; 
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10 a second networked device configured to store the public 

11 crypto-key and the second private key portion, to receive the 

12 second message, and to further transform the second message with 

13 the second private portion to obtain the first message; 

14 wherein the first private portion is (i) not stored at any 

15 networked device and (ii) not transmitted over the network. 

1 18. A method for generating an asymmetric crypto-key usable 

2 to transform messages to both encrypt and decrypt the messages for 

3 a user, comprising: 

4 generating, based upon a password of the user, a private 

5 crypto-key and a corresponding public crypto-key associated with 

6 the user; 

7 dividing the private crypto-key into a first private key 

8 portion and a second private key portion; 

9 destroying the private crypto-key and the first private key 

10 portion without distribution thereof and without storage thereof in 

11 a persistent state; 

12 separately generating, responsive to receipt of, and based 

13 upon, the user password, only the first private key portion; and 

14 destroying, without storing in a persistent state, the 

15 separately generated first private key portion. 

1 19. The method according to claim 18, wherein the password has 

2 a bit length of 56 to 72 bits and the generated first private key 

3 portion has a bit length of at least 257 bits. 

1 20. The method according to claim 18, wherein the first 

2 private key portion is generated in accordance with a one way 

3 function, 

1 21. The method according to claim 18, further comprising: 

2 selecting one of a first mode and a second mode in which to 
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3 generate the first private key portion in accordance with a one way 

4 function; 

5 wherein the first mode the one way function is applied to the 

6 password a first number of times to generate the first private key 

7 portion; and 

8 wherein the second mode the one way function is applied to the 

9 password a second number of times, different than the first number 
10 of times, to generate the first private key portion. 

1 22. The method according to claim 21, wherein selection of the 

2 first and second mode is based on at least one of an identity of 

3 the user and a strength of the user password. 

1 23. The method according to claim 18, further comprising: 

2 selecting a one way function from a group of one way 

3 functions; and 

4 generating the first private key portion in accordance with 

5 the selected one way function; 

6 wherein selection of the one way function is based upon at 

7 least one of an identity of the user and a strength of the user 

8 password. 

1 24. The method according to claim 18, further comprising: 

2 transforming a message with the generated first private key 

3 portion prior to destruction thereof; and 

4 further transforming the message by applying at least one of 

5 the second private key portion and the public crypto-key. 
1 

1 25. The method according to claim 24, further comprising: 

2 storing the second private key portion and the public crypto- 

3 key in a persistent state; and 

4 retrieving the at least one of the stored second private key 

5 portion and the stored public crypto-key; 
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6 wherein the applied at least one of the second private key 

7 portion and the public crypto-key is at least one of the retrieved 

8 at least one of the second private key portion and the public 

9 crypto-key; and 

10 wherein the first private key portion is never stored in a 

11 persistent state. 
1 

1 26. A method for communicating a transformed message, in which 

2 a user is associated with a private crypto-key and a corresponding 

3 public crypto-key, and the private crypto-key has a first private 

4 key portion and a second private key portion, comprising: 

5 generating the first private key portion and transforming a 

6 first message with the generated first private key portion; 

7 further transforming the first message with the second private 

8 portion; 

9 wherein the first private portion is (i) not stored at any 
10 networked device and (ii) not transmitted over a network. 

1 27, The method according to claim 26, further comprising: 

2 processing a password to generate the first private key 

3 portion; 

4 wherein the password has a bit length of 56 to 72 bits and the 

5 generated first private key portion has a bit length of at least 

6 257 bits. 

1 28. The method according to claim 27, wherein the first 

2 private key portion is generated in accordance with a one way 

3 function. 

1 29. The method according to claim 27, further comprising: 

2 selecting one of a first mode and a second mode in which to 

3 generate the first private key portion in accordance with a one way 

4 function; 
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5 wherein the first mode the one way function is applied to the 

6 password a first number of times to generate the first private key 

7 portion; and 

8 wherein the second mode the one way function is applied to the 

9 password a second number of times, different than the first number 
10 of times, to generate the first private key portion. 

1 30. The method according to claim 29, wherein selection of the 

2 first and second mode is based on at least one of an identity of 

3 the user and a strength of the user password. 

1 31. The method according to claim 27, further comprising: 

2 selecting a one way function from a group of one way 

3 functions; and 

4 generating the first private key portion in accordance with 

5 the selected one way function; 

6 wherein selection of the one way function is based upon at 

7 least one of an identity of the user and a strength of the user 

8 password. 
1 
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